Cloud computing refers to the practice of using a network of remote servers hosted on a public network (e.g., the Internet) to deliver information computing services (i.e., cloud services) as opposed to doing so on a local server. The network architecture (e.g., virtualized information processing environment comprising hardware and software) through which these cloud services are provided to service consumers (i.e., a cloud service consumers) is referred to as “the cloud”, which can be a public cloud (e.g., cloud services provided publicly to cloud service consumers) or a private cloud (e.g., a private network or data center that supplies cloud services to only a specified group of cloud service consumers within an enterprise), or a community cloud (e.g., a set of cloud services provided publicly to a limited set of cloud service consumers, e.g., to agencies with a specific State/Region or set of States/Regions), dedicated/hosted private cloud, or other emerging cloud service delivery models. The underlying intent of cloud computing is to provide easy, scalable access to computing resources and information technology (IT) services to cloud service consumers.
Cloud services can be broadly divided into four categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and Managed Services. Infrastructure-as-a-Service refers to a virtualized computing infrastructure through which cloud services are provided (e.g., virtual server space, network connections, bandwidth, IP addresses, load balancers, etc). Platform-as-a-service in the cloud refers to a set of software and product development tools hosted on the cloud for enabling developers (i.e., a type of cloud service consumer) to build applications and services using the cloud. Software-as-a-service refers to applications that are hosted on and available on-demand by cloud service consumers via the cloud. Managed Services refers to services such as backup administration, remote system administration, application management, security services, etc. that are enabled by managed service providers for any Cloud services.
In general, a cloud service has three distinct characteristics that differentiate it from a traditionally hosted service. The first one of these distinct characteristics is that it is sold to a services consumer on demand (e.g., by the minute or the hour). The second one of these distinct characteristics is that it is dynamic (e.g., a services consumer can have as much or as little of a service as they want at any given point in time). The third one of these distinct characteristics, which applies specifically to public clouds as opposed to private or hybrid clouds, is that the service is fully managed by a cloud services provider (e.g., the services consumer only needs a suitably equipped client device and network connection). This third functionality is particularly relevant to public clouds. However, private clouds can be managed by an internal IT department or through ITO (IT Outsourcing) contracts. In these examples, I&O (Infrastructure & Operations) administrators act as the cloud provider and, accordingly, this third functionality would be of similar relevance.
The cloud is rapidly being adopted by business and IT users as a way to make their organizations more effective and to save costs. Along with this opportunity comes a new set of pain points and significant risks to enterprises that must be addressed. For example, business users are rapidly investing in their own cloud capabilities (e.g., IaaS, PaaS, and SaaS) to meet business needs while application developers want to move rapidly without the involvement of IT to provision tools and environments. These actions are creating a significant threat to IT management whom are worried about considerations such as, for example, managing costs, chargeback, capacity and resources from the result of unrestrained/unplanned cloud expansion.
FIG. 1 shows an example of a traditional cloud management model 100 leading to business unit cloud service users 105 and IT organization cloud service users 108 (i.e., cloud service users) of a cloud service consumer 110 (e.g., a business, an institution, an individual or the like) directly implementing cloud services via cloud service providers 115 (e.g., IaaS, PaaS, SaaS, ERP, and MS available on one or more outside networks) without oversight and/or involvement of a centralized resource (e.g., IT management). ERP refers to enterprise resource planning and MS refers to Managed Services such as security, backup, monitoring and governance services offered by cloud service providers or a CSB platform provider (i.e., the entity that manages and administers the CSB platform). Examples of the cloud service categories include, but are not limited to, enterprises resource planning services, Infrastructure as-a-Service, Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and managed services.
There are numerous challenges and limitations in regard to implementing and managing cloud services that arise from the traditional cloud management model 100 discussed above in reference to FIG. 1. Examples of these challenges and limitations include, but are not limited to, different portions (e.g., user, entities, departments, etc) of a given cloud service consumer individually buying cloud services; different portions of a given cloud service consumer purchasing cloud services at different price points from the same cloud services provider; actions of different portions of a given cloud service consumer creating gaps in current business entity processes; disparate billing, payment, contract and settlement process for cloud services of a given cloud service consumer being created; IT interests of a given cloud service consumer being required to undertake actions such that it mimic a cloud service provider; existence of inconsistent service management and service-level-agreement (SLA) compliance across cloud service providers; and loss of effectiveness in implementing and managing cloud services due to broken processes across business, IT demand and supply organizations.
Accordingly, underlying problems that exists in cloud computing is that the need for intermediaries to aggregate, integrate or customize cloud services and that this need grows significantly as the number of cloud services and the rate of consumer adoption grows. Without such intermediaries being able to effectively and efficiently manage cloud services, cloud service consumers must manage numerous transactions (e.g., payments, governance, data movement, customization and enrichment) associated with their cloud service providers and cloud services. This can rapidly become a task that is difficult, time-consuming and expensive, especially when they are consuming numerous cloud services from independent providers. Furthermore, traditional approaches for managing cloud services leads to the adverse situation of vendor “lock-in” in which cloud service consumers are undesirably tied to a particular vendor or set of vendors for all or a portion of their cloud services. Therefore, methodologies and systems for implementing cross provider security management functionality within a cloud service brokerage platform would be beneficial, desirable and useful.